plain-reload.tt: Properly escape tail content.
We're just implicitly escaping the tail content by not using .load() but explicitly setting the text content using .text(), so that escaping isn't needed on our side. This should get rid of a few formatting errors and possibly XSS if someone manages to place JS code in the tail of a build and manages to lure a user to that tail output. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
parent
aec0a35114
commit
be051bcadc
|
@ -9,11 +9,19 @@
|
|||
|
||||
[% IF reload %]
|
||||
<script>
|
||||
$(document).ready(function() {
|
||||
$("#contents").load("[% url %]");
|
||||
var refreshId = setInterval(function() {
|
||||
$("#contents").load("[% url %]");
|
||||
}, 5000);
|
||||
function injectTail() {
|
||||
$.ajax({
|
||||
url: "[% url %]",
|
||||
dataType: "text",
|
||||
success: function (tail) {
|
||||
$("#contents").text(tail);
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
$(document).ready(function() {
|
||||
injectTail();
|
||||
setInterval(injectTail, 5000);
|
||||
});
|
||||
</script>
|
||||
[% END %]
|
||||
|
|
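Review bot: `url: "[% url %]"` in injectTail still places the template variable directly into a JavaScript string literal inside the `<script>` block, so although the response body is now inert via `.text()`, a `"` or `</script>` in `url` would terminate the literal or the script element. Whether `url` can ever contain such characters is not visible in this hunk (it is presumably built and percent-encoded by the controller), so treat this as hardening rather than a confirmed flaw. One option is to carry the value in markup and read it from there, e.g. `data-url="[% url | html %]"` on the `#contents` element (defined outside this hunk) and `url: $("#contents").data("url")`. A short comment above `$("#contents").text(tail);` such as `// text(), not html()/load(): build output is untrusted` would also help keep the fix from being reverted later.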